摘要
面对复杂多变的国际网络空间安全形势以及日益严峻的恶性网络攻击态势,针对集团化企业面临的主机安全、设备安全、网络安全、数据安全、业务安全等安全威胁,论述了基于实战化的防范网络对抗的关键技术与策略,包括基于网络对抗的主动诱捕系统设计、基于分级分类的安全自动编排技术(SOAR)、基于轻量级零信任策略的设备监控技术、数据和供应链的安全防护与管控技术等,并详细讨论了攻击暴露面的全面收敛和平战结合的对抗性网络应急实训、不同安保时期的网络应急措施、应对恶意攻击的平台联动与安全运营等实战化网络安全运营实践与措施。
In the face of the complex and changeable international cyberspace security situation and the increasingly severe threat of cybersecurity attacks,aiming at security threat of collectivized industry intelligent manufacturing enterprises,such as host security,device security,network security,data security,business security and other security threats,this paper discusses the key technologies and strategies for preventing network confrontation based on actual combat,including threats active trapping system design based on network confrontation,security automatic orchestration technology based on hierarchical classification,equipment monitoring technology based on lightweight zero-trust strategy,data security protection technology for full life cycle control and network supplies chain,etc.It also discusses in detail the practical cybersecurity operation practices and measures,covering adversarial network emergency training based on the combination of the comprehensive convergence of the exposed surface of interconnected attacks and peacetime and wartime combining,the network emergency measures in different security periods,and the platform linkage and security operation responding to malicious attacks.
作者
姚卓
Yao Zhuo(Beijing Venus Cybersecurity Tech.Co.,Ltd.,Beijing 100193,China)
出处
《信息技术与网络安全》
2022年第5期25-31,共7页
Information Technology and Network Security
基金
工信部重点项目:“2020年工业互联网创新发展工程”(TC200H01V)。
关键词
主动防御
诱捕技术
分类分级
态势感知
安全运营
active defense
trap technology
classification and grading
situational awareness
security operation
